BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:04 AM |
I've already posted a thread in Roblox Talk that got 600 views and 4 pages. Out of dozens of idiots I found someone useful.
Anyway we are looking for mostly website oriented exploits and glitches. Were trying to find and replicate the things nikayah and aeacus and nate2800 used to do. We prefer if you have knowledge with
Fiddler2 Programming Understand code And experience with exploits (No I dont mean a youtube video you found on how to hack insertgamehere >_>) I mean experience with finding your own exploits but if you know programming and fiddler2 shiz I guess thats good enough.
Add me on xfire: kidnomorroblox
We already have a hunch. :)
|
|
|
| Report Abuse |
|
|
| |
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:05 AM |
Btw Ive already got a team of 5 so far. 3 Really nice programmers in it.
Im sure you know them but Im not leaking there names out. |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:06 AM |
@ArceusInator
Sure. Why not? Add it to the list. |
|
|
| Report Abuse |
|
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 28 Jul 2012 12:06 AM |
| I meet all the criteria but hacking ROBLOX is really dumb. |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:07 AM |
Its actually really easy aswell.
Well it used to be atleast :) |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
| |
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 28 Jul 2012 12:10 AM |
> Fiddler2
I've seen that too many times today q__q |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:13 AM |
@mew903
In regards to what? |
|
|
| Report Abuse |
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 28 Jul 2012 12:13 AM |
"Were trying to find and replicate the things nikayah and aeacus and nate2800 used to do. "
I also did exploiting with them back in the day, and I can tell you that we did not do anything that interesting, just renaming players and making assets that popped up alerts when viewed mostly.
The exploits for that stuff are not possible anymore, the security is _very_ much more locked down now than it was then, mostly thanks to us finding and reporting all that stuff.
Plus soon enough replication filtering will be out any you really won't be able to do anything towards well constructed games. |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:14 AM |
Excuse my rotarded English I mean where? |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:16 AM |
@stravant
I am aware that most of it isn't possible. Were still looking for onsite stuff.
And Im guessing XML inside tshirts was patched? |
|
|
| Report Abuse |
|
|
mew903
|
  |
| Joined: 03 Aug 2008 |
| Total Posts: 22071 |
|
|
| 28 Jul 2012 12:18 AM |
| I told Sorcus a minor XSS problem in the site today, but it didn't seem that big of a threat to me. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 28 Jul 2012 12:19 AM |
@xLEGOx Then why was I able to post comments to uncommentable places simpley by copying the comment form from one page to another? ROBLOX makes too many assumptions when it comes to the santizedness of their input. They always overlook stuff. They still haven't patched the root cause of why I was able to force players to buy items by joining my game, and recently changing their statuses. Both times I reported it, I told them what they needed to fix, and both times they merely added event validation instead of fixing the real problem.
~Monica |
|
|
| Report Abuse |
|
|
LocalChum
|
  |
| Joined: 04 Mar 2011 |
| Total Posts: 6906 |
|
| |
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 28 Jul 2012 12:20 AM |
"Then why was I able to post comments to uncommentable places simpley by copying the comment form from one page to another?"
Probably a low priority fix since that's a harmless bug. Most of the actual exploitable XSS has been patched. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 28 Jul 2012 12:22 AM |
If I had written it, I would have checked the ID of the place against the database to make sure commenting was enabled. The devs didn't think it was necessary, and now people think I payed people to close comments after I posted them. I paid the ultimate price.
~Monica |
|
|
| Report Abuse |
|
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 28 Jul 2012 12:22 AM |
| most of the "exploits" out there are pretty much harmless. |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:24 AM |
"Most of the actual exploitable XSS has been patched."
Dreams crushed. |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:25 AM |
If you couldn't tell that was saracasm then.
I dont know. |
|
|
| Report Abuse |
|
|
Seranok
|
  |
| Joined: 12 Dec 2009 |
| Total Posts: 11083 |
|
|
| 28 Jul 2012 12:26 AM |
| I know of a few XSS that are unpatched but they are pretty much utterly useless not worth the dev's time in fixing them |
|
|
| Report Abuse |
|
|
stravant
|
  |
 |
| Joined: 22 Oct 2007 |
| Total Posts: 2893 |
|
|
| 28 Jul 2012 12:26 AM |
"If I had written it, I would have checked the ID of the place against the database to make sure commenting was enabled."
It's obviously not that simple. If you look at any non-trivial sites code there's usually many layers of framework between getting the raw data from the request and actually processing it with your written code.
It may be a sign of bad framework design if those things are getting through, but it's certainly not plain negligence. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 28 Jul 2012 12:28 AM |
True, I have not worked with what ever framework they user. But I still feel like at the very bottom it should have checked.
~Monica |
|
|
| Report Abuse |
|
|
BloxHound
|
  |
| Joined: 30 Oct 2009 |
| Total Posts: 403 |
|
|
| 28 Jul 2012 12:30 AM |
Any ideas on how fluffy got p4sswoods via a friend request.
We already have some ideas. |
|
|
| Report Abuse |
|
|
mustyoshi
|
  |
 |
| Joined: 27 Dec 2007 |
| Total Posts: 41651 |
|
|
| 28 Jul 2012 12:34 AM |
I still think he didn't get passes. ROBLOX wouldn't store them in plaintext, they're not that stupid.
~Monica |
|
|
| Report Abuse |
|
|